id: GO-2022-0492
modules:
    - module: github.com/argoproj/argo-events
      versions:
        - fixed: 1.7.1
      vulnerable_at: 1.7.0
      packages:
        - package: github.com/argoproj/argo-events/sensors/artifacts
          symbols:
            - NewGitReader
          derived_symbols:
            - GetArtifactReader
summary: Path traversal in github.com/argoproj/argo-events
description: |-
    GitArtifactReader is vulnerable to directory traversal attacks.

    The GitArtifactReader.Read function reads and returns the contents of a Git
    repository file. A maliciously crafted repository can exploit this to cause Read
    to read from arbitrary files on the filesystem.
published: 2022-07-15T23:30:03Z
cves:
    - CVE-2022-25856
ghsas:
    - GHSA-qpgx-64h2-gc3c
credits:
    - Derek Wang
references:
    - fix: https://github.com/argoproj/argo-events/pull/1965
    - web: https://github.com/argoproj/argo-events/issues/1947
review_status: REVIEWED